GHSA-45gg-vh54-h5m9MediumCVSS 6.3
golang.org/x/crypto/ssh vulnerable to invoking bypass of certificate restrictions
🔗 CVE IDs covered (1)
📋 Description
When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.
🎯 Affected products1
- go/golang.org/x/crypto/ssh:< 0.52.0